CVE-2025-25181 - Advantive VeraCore SQL Injection Vulnerability

Advantive | VeraCore

• Date Added:
• 2025-03-10

• Due Date:
• 2025-03-31

Vulnerability Name

Advantive VeraCore SQL Injection Vulnerability

Description

Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://advantive.my.site.com/support/s/article/Veracore-Release-Notes-2025-1-1-3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-25181

Latest Security News

X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims

US govt says Americans lost record $12.5 billion to fraud in 2024

Microsoft shares guidance on upcoming Publisher deprecation

FTC will send $25.5 million to victims of tech support scams

Swiss critical sector faces new 24-hour cyberattack reporting rule

Google paid $12 million in bug bounties last year to security researchers

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Quantum leap: Passwords in the new era of computing security

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumAbsence of Anti-CSRF Tokens

MediumMissing Anti-clickjacking Header

MediumContent Security Policy (CSP) Header Not Set

InformationalInformation Disclosure - Suspicious Comments

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

HighPII Disclosure

MediumCross-Domain Misconfiguration

Top CVE List

CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability

CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability

CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability

CVE-2025-22226 VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability

Common CWEs

CWE-655 Insufficient Psychological Acceptability

CWE-943 Improper Neutralization of Special Elements in Data Query Logic

MediumCWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

CWE-1311 Improper Translation of Security Attributes by Fabric Bridge

CWE-593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

CWE-62 UNIX Hard Link

CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

CWE-1395 Dependency on Vulnerable Third-Party Component

CWE-651 Exposure of WSDL File Containing Sensitive Information